Side-Channel Attack Vulnerability in RSA BSAFE Products
CVE-2016-0887

5.9MEDIUM

Key Information:

Vendor
Dell
Status
Bsafe Crypto-j
Bsafe Ssl-c
Bsafe Crypto-c-micro-edition
Bsafe Micro-edition-suite
Vendor
CVE Published:
12 April 2016

Summary

The vulnerability found in RSA BSAFE products allows remote attackers to exploit weaknesses in the key generation process. By utilizing a Lenstra side-channel attack, an attacker can deduce a private-key prime during a TLS session due to the application's failure to properly detect an RSA signature failure. This can compromise secure communications and potentially expose sensitive information, making it crucial for affected users to apply the necessary patches.

References

http://seclists.org/bugtraq/2016/Apr/66
mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id/1035515
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/archive/1/538055/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.